Cryptography for Mere Mortals #9

An occasional feature, Cryptography for Mere Mortals attempts to provide clear, accessible answers to questions about cryptography for those who are not cryptographers or mathematicians.

A final (maybe!) word on hashes:

Q: I see that NIST has selected a new hash algorithm, to be called “SHA-3”. Does this obsolete SHA-2?

A: Not really. About five years ago, there were suggestions in the crypto community that SHA-2 might be “broken” soon: that is, that there might be ways (at least in some cases, given enough hashed data) to figure out the original values that had been hashed. As a result, NIST put out a public call for new hash algorithms.

Since then, SHA-2 has remained secure, so it’s still considered safe to use. NIST’s policy states, “When the SHA-3 hash algorithm becomes available, it may also be used for all applications that employ secure hash algorithms. At this time, there is no need or plan to transition applications from SHA-2 to SHA-3.”

And as noted in this article, having a new algorithm available is an “insurance policy” in case SHA-2 ever is broken: that is, assuming one has implemented SHA-3 by then as an option (as most cryptographic providers likely will), switching from SHA-2 to SHA-3 will be relatively easy, with no delay while a new solution is developed.
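What makes the switch “relatively easy” in practice is storing each digest together with the name of the algorithm that produced it. The following Python code is an added example, not part of the original article; the `algorithm$hexdigest` record format, the function names and the policy sets are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed policy for this example: algorithms accepted on verify, and the one
# used for new digests. Changing PREFERRED is the whole "switch" for new data.
ALLOWED = {"sha256", "sha3_256"}
PREFERRED = "sha256"


def tagged_digest(data: bytes, algorithm=None) -> str:
    """Return '<algorithm>$<hex digest>' so the record says how it was made."""
    algorithm = algorithm or PREFERRED
    if algorithm not in ALLOWED:
        raise ValueError(f"algorithm not allowed by policy: {algorithm}")
    return f"{algorithm}${hashlib.new(algorithm, data).hexdigest()}"


def verify(data: bytes, record: str, allowed=ALLOWED) -> bool:
    """Check data against a tagged record; reject unknown or retired algorithms."""
    algorithm, sep, expected = record.partition("$")
    if not sep or algorithm not in allowed:
        return False  # never hash with an algorithm the policy does not list
    actual = hashlib.new(algorithm, data).hexdigest()
    # Constant-time comparison on bytes avoids leaking how many digits matched.
    return hmac.compare_digest(actual.encode(), expected.lower().encode())


def migrate(data: bytes, record: str, target: str) -> str:
    """Re-issue a record under `target`, but only after the old one verifies."""
    if not verify(data, record):
        raise ValueError("existing record does not match data; not migrating")
    return tagged_digest(data, target)


if __name__ == "__main__":
    payload = b"constructed sample payload v1.0"  # constructed input
    old = tagged_digest(payload)                  # sha256$...
    new = migrate(payload, old, "sha3_256")       # sha3_256$...
    print(old)
    print(new)
    # If SHA-2 were ever broken, policy would drop it from the accepted set:
    print(verify(payload, old, allowed={"sha3_256"}))  # old record rejected
    print(verify(payload, new, allowed={"sha3_256"}))  # migrated record accepted
```

Records written before the switch keep verifying while both algorithms are allowed, so migration can happen gradually and the old algorithm can be retired by policy once nothing depends on it.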

So while SHA-3 is interesting and forward-thinking, it has no real impact today.